Job Snapshot

About Us

AF Group is committed to providing the best workers compensation product and customer service to companies and their employees across the country. Our specialized business model produces superior returns, and we have a strong track record of outperforming the industry. By operating as a specialist we gain a competitive advantage and have created lasting value for our stakeholders and customers.
Our size and specialization allow us to create significant economies of scale and skill for our operating units. We have the specialty expertise and financial strength and backing to make investments in technologies, processes and talent that other carriers cannot afford. This national footprint and strength is complemented by a regional market approach, with four distinct operating units that have an intimate knowledge of their customers, injured workers, and agents and brokers. Each operating unit offers superior underwriting, marketing, loss control and claims services in its niche and focused markets. The combination of a national footprint and strength with local market expertise is what makes our organization so strong and enables our long-term outperformance of our peers.

Job Description

This position will be responsible for building and maintaining the vision, strategy and programs required to ensure information assets are appropriately protected. This role establishes and leads the information security and assurance function, provides oversight for personnel with significant information security related duties as well as assists senior leadership with their information security responsibilities. Overall, this role ensures that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately.

RESPONSIBILITIES/TASKS:

Build and lead cross-functional teams that support security initiatives.

Develop short term and long term strategies for identity & access management, cyber engineering & operations, governance and risk, threat management and application security.

Identify, select and manage security vendors to ensure that service delivery and support meet performance and business objectives.

Continuously evaluate and assess current and future security needs of the organization and make recommendations and business case requests to substantiate changes.

Develop and maintain project scope, timeline and budgets, through internal team and business partners.

Manage customer communications as they relate to security initiatives.

Understand and adhere to the regulatory and compliance requirements that impact either current business operations or potential client engagements.

Anticipate trends, situations, or changing market conditions and take appropriate action on a timely basis.

Think in an innovative and creative way to assist in the growth of our business by providing timely and flexible security solutions.

Drives and maintains the information security operations function, including the oversight of information security personnel, the development of information security programs and the identification and mitigation of information security risks.

Leads programs and processes to design a threat assessment framework, monitors the emergence of new threats and vulnerabilities, assesses impacts and drives responses as appropriate. Ensures ongoing analysis of information security threats, vulnerabilities, and trends.

Supports the evaluation of risk mitigation language in third party agreements and vendor support contracts.

Designs a Security Operations Center (SOC) capable of implementing the programs and processes and leading an incident response plan. Develops metrics reporting to communicate effectiveness of SOC to leadership.

Ensures clear and timely business advice is provided to executive management on key information security and assurance issues.

Ensures that information security and risk is adequately represented on relevant business and governance forums and is known, well-integrated, and addressed.

Builds sound business relationships to enable a strong understanding and close alignment with business needs, direction, and risk tolerance.

Maintains relationships with threat intelligence communities, local, state and federal law enforcement and other related government agencies.

Collaborates with various departments to understand and address the risk position around key business applications.

Oversees the development and maintenance of information security policies, including standards and processes that fit the organization at all levels.

DIRECTION EXERCISED:

Directly supervises staff in accordance with company policies and applicable Federal and State Laws. Responsibilities include but are not limited to developing staffing plans and information security budgets, effectively interviewing, hiring, terminating, and training employees; planning, assigning and directing work; appraising performance; rewarding and counseling employees; addressing complaints and resolving problems; supporting and encouraging the engagement process.

EDUCATION OR EQUIVALENT EXPERIENCE:

Bachelor's degree in computer science, business administration or a technology-related field. Relevant combination of education and experience may be considered in lieu of degree. Professional security management certification such as CISA, CISM, CISSP is preferred.

EXPERIENCE:

Five to seven years of experience leading information risk, security and governance teams, transforming functions and changing culture. Experience with leading the response to incidents, crisis, and investigations with sensitivity, tenacity, and a focus on detail. Extensive experience in information security architecture, information security standards, consultative stakeholder management, and strategic planning. Experience with classified networks, information classification, and confidentiality requirements associated with high security environments. Three years demonstrated leadership in information security program management.

Knowledge of common information security management frameworks such as NIST, COBIT, ISO/IEC 27001, ITIL, and HITRUST.

Knowledge and understanding of relevant legal and regulatory requirements such as HIPAA, FISMA, NIST 800-53, etc.

Knowledge of technological trends and developments in the area of information security and risk management; the ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.

Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.

WORKING CONDITIONS:

Work is performed in an office setting with no unusual hazards. Minimal travel required.

The qualifications listed above are intended to represent the minimum education, experience, skills, knowledge and ability levels associated with performing the duties and responsibilities contained in this job description.

We are an Equal Opportunity Employer. Diversity is valued and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an "at will" basis. Nothing herein is intended to create a contract.